What Does DNSChanger Do to My Computer?
DNSChanger malware causes a computer to use rogue DNS servers in one of two ways.
First, it changes the computer’s DNS server settings to replace the ISP’s good DNS servers
with rogue DNS servers operated by the criminal. Second, it attempts to access devices on
the victim’s small office/home office (SOHO) network that run a dynamic host configuration
protocol (DHCP) server (eg. a router or home gateway). The malware attempts to access
these devices using common default usernames and passwords and, if successful, changes
the DNS servers these devices use from the ISP’s good DNS servers to rogue DNS servers
operated by the criminals. This is a change that may impact all computers on the SOHO
network, even if those computers are not infected with the malware.
Am I Infected?
The best way to know that is by going to the website DNS Changer Check-Up
If it shows Green then you have nothing to worry about.
What Should I Do?
In addition to directing your computer to utilize rogue DNS servers, the DNSChanger
malware may have prevented your computer from obtaining operating system and antimalware updates, both critical to protecting your computer from online threats. This
behavior increases the likelihood of your computer being infected by additional malware.
The criminals who conspired to infect computers with this malware utilized various methods
to spread the infections. At this time, there is no single patch or fix that can be downloaded
and installed to remove this malware. Individuals who believe their computer may be
infected should consult a computer professional.
Individuals who do not have a recent back-up of their important documents, photos, music,
and other files should complete a back-up before attempting to clean the malware or utilize
the restore procedures that may have been packaged with your computer.
Information regarding malicious software removal can be found at the website of the United
States Computer Emergency Readiness Team: Recovering from a Trogan.